Mozilla has issued a warning to browser extension developers about a phishing campaign that is currently targeting accounts on its official AMO (addons.mozilla.org) repository. The nonprofit organization behind the Firefox browser stated that these phishing emails are impersonating the AMO team, misleading developers to believe their accounts need urgent updates to continue accessing development features.
The AMO platform, which hosts over 60,000 browser extensions and more than 500,000 themes, serves tens of millions of users worldwide. Mozilla’s advisory raises concerns that this fraudulent outreach could lead to compromised developer accounts if caution is not exercised.
Mozilla emphasized that developers should verify the authenticity of emails claiming to be from Mozilla or AMO by checking whether they originate from approved domains and pass standard email authentication checks, including SPF, DKIM, and DMARC. It is advised that users do not click on links in emails that raise suspicion and that they navigate directly to official Mozilla or Firefox websites to log in.
Although Mozilla has not disclosed the extent of the phishing campaign or whether any accounts have been compromised, at least one developer alleges to have fallen victim to the attacks. Mozilla has committed to providing updates should further information about the campaign become available.
This warning follows last month’s announcement regarding a new security feature launched by Mozilla’s Add-ons Operations team to block malicious Firefox extensions, aimed particularly at safeguarding against attacks that drain cryptocurrency wallets. According to Andreas Wagner, the Add-ons Operations Manager, Mozilla has successfully identified and removed hundreds of fraudulent extensions linked to malicious activities over the years, as cybercriminals stole $494 million worth of cryptocurrency last year from over 300,000 wallets.